Cloud Security Resources

superior_hosting_service

Cloud

A curated list of awesome cloud security related resources.

Infrastructure

  • aws_pwn: A collection of AWS penetration testing junk
  • aws_ir: Python installable command line utility for mitigation of instance and key compromises.
  • aws-vault: A vault for securely storing and accessing AWS credentials in development environments.
  • awspx: A graph-based tool for visualizing effective access and resource relationships within AWS.
  • azucar: A security auditing tool for Azure environments
  • checkov: A static code analysis tool for infrastructure-as-code.
  • cloud-forensics-utils: A python lib for DF & IR on the cloud.
  • Cloud-Katana: Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
  • cloudlist: Listing Assets from multiple Cloud Providers.
  • Cloud Sniper: A platform designed to manage Cloud Security Operations.
  • Cloudmapper: Analyze your AWS environments.
  • Cloudmarker: A cloud monitoring tool and framework.
  • Cloudsploit: Cloud security configuration checks.
  • Cloud-custodian: Rules engine for cloud security, cost optimization, and governance.
  • cs suite: Tool for auditing the security posture of AWS/GCP/Azure.
  • Deepfence ThreatMapper: Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
  • dftimewolf: A multi-cloud framework for orchestrating forensic collection, processing and data export.
  • diffy: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
  • ElectricEye: Continuously monitor AWS services for configurations.
  • Forseti security: GCP inventory monitoring and policy enforcement tool.
  • Hammer: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
  • kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
  • Metabadger: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
  • Open policy agent: Policy-based control tool.
  • pacbot: Policy as Code Bot.
  • pacu: The AWS exploitation framework.
  • Prowler: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
  • ScoutSuite: Multi-cloud security auditing tool.
  • Security Monkey: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • SkyWrapper: Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS.
  • Smogcloud: Find cloud assets that no one wants exposed.
  • Steampipe: A Postgres FDW that maps APIs to SQL, plus suites of API plugins and compliance mods for AWS/Azure/GCP and many others.
  • Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • tfsec: Static analysis powered security scanner for Terraform code.
  • Zeus: AWS Auditing & Hardening Tool.

Container

  • auditkube: Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
  • Falco: Container runtime security.
  • mkit: Managed kubernetes inspection tool.
  • Open policy agent: Policy-based control tool.

SaaS

  • aws-allowlister: Automatically compile an AWS Service Control Policy with your preferred compliance frameworks.
  • binaryalert: Serverless S3 yara scanner.
  • cloudsplaining: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
  • Cloud Guardrails: Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives.
  • Function Shield: Protection/destection lib of aws lambda and gcp function.
  • FestIN: S3 bucket finder and content discover.
  • GCPBucketBrute: A script to enumerate Google Storage buckets.
  • IAM Zero: Detects identity and access management issues and automatically suggests least-privilege policies.
  • Lambda Guard: AWS Lambda auditing tool.
  • Policy Sentry: IAM Least Privilege Policy Generator.
  • S3 Inspector: Tool to check AWS S3 bucket permissions.
  • Serverless Goat: A serverless application demonstrating common serverless security flaws.
  • SkyArk: Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS.

Penetration testing/learning

  • ccat: Cloud Container Attack Tool.
  • CloudBrute: A multiple cloud enumerator.
  • cloudgoat: “Vulnerable by Design” AWS deployment tool.
  • Leonidas: A framework for executing attacker actions in the cloud.
  • Sadcloud: Tool for spinning up insecure AWS infrastructure with Terraform.
  • TerraGoat: Bridgecrew’s “Vulnerable by Design” Terraform repository.

Native tools

Reading Materials

AWS

  1. Overiew of AWS Security
  2. AWS-IAM-Privilege-Escalation by RhinoSecurityLabs: A centralized source of all AWS IAM privilege escalation methods.
  3. MITRE ATT&CK Matrices of AWS
  4. AWS security workshops

Azure

  1. Overiew of Azure Security
  2. Azure security fundamentals
  3. MicroBurst by NetSPI: A collection of scripts for assessing Microsoft Azure security
  4. MITRE ATT&CK Matrices of Azure
  5. Azure security center workflow automation

GCP

  1. Overiew of GCP Security
  2. GKE security scenarios demo
  3. MITRE ATT&CK Matrices of GCP
  4. Security response automation

Others

  1. Cloud Security Research by RhinoSecurityLabs
  2. CSA cloud security guidance v4
  3. Appsecco provides training
  4. Cloud Risk Encyclopedia by Orca Security: 900+ documented cloud security risks, with ability to filter by cloud vendor, compliance framework, risk category, and criticality.

Resource

AWS

  1. Bucket search by grayhatwarfare

Others

  1. Mapping of On-Premises Security Controls vs. Major Cloud Providers Services

The Cloud Security is a github repository by 808Mak1r